Firefox Gets Emergency Update for Critical Security Flaws
source link: https://news.softpedia.com/news/firefox-gets-emergency-update-for-critical-security-flaws-534987.shtml
A new version of the browser is therefore available
Mozilla has released an emergency security update for the Firefox browser, as the company says it’s aware of two different vulnerabilities that were discovered in various versions of the app.
In the advisory published this week, Mozilla explains that the new patches are available for Firefox, Firefox ESR, Firefox for Android, and Focus.
The new versions that users can download right now are Firefox 97.0.2, Firefox ESR 91.6.1, Firefox for Android 97.3.0, and Focus 97.3.0.
The security vulnerabilities
The first security flaw that’s being patched with these new updates is documented in CVE-2022-26485, and it’s described as a use-after-free in XSLT parameter processing. The bug was reported by Wang Gang, Liu Jialei, Du Sihang, Huang Yi & Yang Kang of 360 ATA, and comes with a critical severity rating.
“Removing an XSLT parameter during processing could have led to an exploitable use-after-free. We have had reports of attacks in the wild abusing this flaw,” Mozilla says.
The second vulnerability is labeled as CVE-2022-26486, and it’s a use-after-free in the WebGPU IPC Framework. The same security researchers discovered and reported this vulnerability.
“An unexpected message in the WebGPU IPC framework could lead to a use-after-free and exploitable sandbox escape. We have had reports of attacks in the wild abusing this flaw,” Mozilla explains.
The new Firefox versions can be downloaded right now from the typical channels, and it’s worth knowing that no other improvements are part of these updates. In other words, their only focus is to resolve the reported security vulnerabilities, and given that both are considered critical, users are advised to install them as soon as possible.
In both cases, Mozilla says it’s already aware of attacks in the wild abusing the flaws, so it goes without saying that companies shouldn’t delay patching by any means.